The problem with the library OpenSSH in Debian has generated too much noise in the blogsphere, in the last days. But just today I realize many of my servers would be vulnerable to this kind of explotation. You can detect if your system are affected using this script in python: http://demo21.ovh.com/82a960d7199ea9391c73c2034b6b34dfP/debian_ssh_scan_v4.tar.bz2 If your are affected, simple upgrade your system using this commands as root: # apt-get update # apt-get dist-upgrade Just to be sure your system had not compromise conduct an audit to check if nobody has gained access to the server meanwhile it was vulnerable through this flaw in the library. You can read more about this problem in Technology Review.

The newest service of Google that has drawn my attention in recent months is GAE (Google App Engine), which allows us to use the Google’s network to deploy our web application in a transparent manner and win the ability to withstand million hits a day and to have our data replicated. Solving two serious problems facing all Start-up of the Information Technology Industry, scalability and high availability.

The main problem now with GAE, which is in beta right now, is that it is just available by invitation from Google. Fortunately I have one of this invitations accounts, but I began to think of all those who wish to test the service and currently do not have an GAE account . Even if I would be generous, Google does not allow more than three projects in GAE right now, and I can not erase projects, so until I have to be careful with my three projects.

So what can we do? Well, Google now offers as part of the SDK of GAE a very simple webserver which allows us to test our GAE application in our own machine, the problem is that by default the script dev_appserver.py only listen on localhost on port 8080. I thought about it, and after play around with the settings, I got a configuration that works using public IP and port 80, now I have that kind of solution running on http://gae.volkanrivera.com

It is important to be aware that not all features are supported by the GAE dev_appserver.py, the most important lack is the ability of logging using a Google Account. Please note that this type of solution I present here is a bit risky so I recommend you do it on a virtual server that can simply shut down in case of problems (someone hack the dev_appserver.py and our server is used to send spam). Let’s start with the configuration, as root user install these packages:

# apt-get install g++ zip unzip less postfix proftpd pound

If necessary you can reconfigure the postfix using this command:

# dpkg-reconfigure postfix

When asked about what type of service you want for proftpd, select "standalone". Then edit /etc/proftpd/proftpd.conf and add these lines:

Now that we have installed our SDK we proceed to create a user who will run the GAE webserver in our case we will use the username "gae", but it can be anyone:

# adduser gae

Finally we change the user "gae" and continue the rest of the configuration as "gae" user:

$ cd ~/
$ cp -R /usr/local/gae/demos/guestbook/ ./
We need to create two scripts one to start the GAE server and another to stop it, here the script to start up the dev_appserver.py, you can call it "start_gae":

#!/bin/bash

/usr/local/gae/dev_appserver.py
–enable_sendmail
$1
2>~/gae.log &
Here is the script to stop it, you can call it "stop_gae":

#!/bin/bash

kill -9 `lsof -i :8080 | grep ^python | awk ‘{print $2}’`
Before starting the server GAE, we need to create the following files, we’ll do with the same user that will run GAE webserver, to do so we use these commands:

$touch /tmp/dev_appserver.datastore
$touch /tmp/dev_appserver.datastore.history
If you do not have privileges to create these files as user "gae", simply change to "root" user create them, and then change the owner with the chown command to user "gae". Now we are ready to start the GAE server, which for the moment we use to run the demo application that comes within the SDK call "guestbook", to do so as the user "gae" execute this command:

$ ./start_gae guestbook/

If you have done all well. You should obtain this as the result of a "netstat-tl":

The Apple Macintosh perform 24 years of its launch in the market this January 24, and with it the introduction of the graphical environment to the general public. Prior to the Apple Macintosh PC, the model Lisa, had already offered a graphical environment and mouse, but at a prohibitive price of nearly $ 10000. To commemorate the date Dave Clausen, has made a modification of a case Macintosh 512k and has changed the mainboard by a Mac Mini, in addition to making the appropriate adjustments in order to withstand a floppy LS120 and the classic keyboard and the mouse Macintosh 512k. The steps required to replicate the feat, circuits, photos and videos of the project are on the website of Dave. Here the video of Steve Jobs introducing the Apple Macintosh:

After giving me a tour of the site of CompUSA, looking for a bargain because it is already in liquidation, I found it suspiciously similar to the website of Tigerdirect, then I decided to check out where is hosted the CompUSA website, and oh! surprise, it is in range of IPs that belong to Tigerdirect.

In 1987, Guns N’ Roses, rock band release its firs album "Appetite for Destruction", in which "Sweet Child O’Mine" was the first number one hit of the band. But I found this video, which is really funny, the same song but in unplugged version played by Indian musicians:

In a paper published in the Indiana University the researchers Hao Hu, Steven Meyers, Vittoria Colizza and Alessandro Vespignani (which can be downloaded from here). Explain how is possible a specific designed malware can propagate for a entire city using the wifi routers, because in many cases it has areas where the signal overlap. If it became a true event could stop a vast part of the Internet.